A winning combination of enterprise-grade security to protect your customers and proven reliability to keep your recurring billing running smoothly.
Chargify is annually audited to maintain the highest level of PCI compliance for a service handling sensitive payment data. With billing information flowing through Chargify, you can comply with industry-standard security practices without the time and resources required to maintain such standings. Our number one goal is to protect you and your customers.
Service Organization Controls (SOC) exist to validate a company’s controls and ensure industry standards are followed. Our SOC 1 report was prepared in accordance with the Statement on Standards for Attestation Engagements No. 16 (a.k.a. SSAE 16) and documents operational policies and procedures for Chargify’s system of internal controls.
As a security best practice, we require secure passwords for all Chargify users. As an additional layer of protection, we provide the ability to enable two-factor authentication. When enabled, internal team members must enter an authentication token from their mobile device prior to gaining access to the Chargify interface.
Your teams play important roles in running your subscription business, but not every team member needs full access to Chargify’s interface. Customer support needs to access and manage subscription information, finance needs to view and export financial metrics, etc. Our access controls allow you to define what users can see and do within your Chargify account.
Our software runs in three datacenters across the US. On a daily basis, we export the database and store it in an offsite facility for extra redundancy.
Extensive performance and availability monitoring allows us to keep a close eye on system health and mitigate unforeseen issues early on.
Uptime is as mission critical to us as it is to your business. Our trailing three-year uptime record is 99.99%, and we’re fanatical about maintaining that record. View our uptime report.
We regularly submit ourselves to hacking by the best "good-guy" hackers in the business. This practice ensures we remain the most reliable, secure system in the industry.
We provide a PGP key to encrypt sensitive communication that you send to us.
We take our security very seriously and welcome any responsible disclosure of potential gaps in our systems.
If you believe you have discovered a potential flaw in any area of Chargify's security measures, we ask that you please share the information with us first and retain secrecy of your findings until we have remediated the issue.
If you have identified a vulnerability, report it via email to firstname.lastname@example.org.
We ask that you follow these rules for any responsible use of our system:
We ask that you do not submit low-value issues that have only loose connections to known best practices, unless you can demonstrate a chained attack with higher impact. Google maintains an exhaustive list with explanations. This also includes things like: